Posts from January 2017

31 January 2017

During its first few weeks, the Trump administration issued several executive orders that left heads spinning, with many federal personnel unclear about the implications. One particular order that is causing significant anxiety among federal cybersecurity personnel – including thousands of (ISC)² members – is the hiring freeze. How is the freeze impacting our U.S. government member community and the government’s overall cyber progress? After numerous conversations with federal cybersecurity leaders, one thing is clear: there is an abundance of unknowns and a unanimous sentiment of unpredictability. Yet, when outcomes are hard to predict, sometimes it helps to know that...

30 January 2017

Name: Robert Kato Title: IT Specialist Employer: African Development Bank Education: Bachelor’s Degree in Information Technology and Master’s Degree in Information Systems Years in IT: 10 Years in cybersecurity: 5 Cybersecurity certifications: CISSP, CCNA Security How did you decide upon a career in cybersecurity? I started my career mostly doing systems administration and networking roles. At that time, especially in Africa, connectivity and system performance were the most important aspects. We had servers that had 128GB of memory and a 64 Kbps DSL link and would cost $500 monthly. However, with the increase in computing power and high-speed internet...

27 January 2017

Yves Le Roux, co-chair and public policy workgroup lead, (ISC)² EMEA Advisory Council

This Saturday marks the 10th anniversary for Data Protection Day, celebrated each year on 28 January – which is the date the Council of Europe’s data protection convention, known as “Convention 108”, was established. Data Protection Day, known as Privacy Day outside of Europe, is now celebrated globally, raising awareness of people’s rights as they relate to the automatic processing of their data. Each year, events are held around the world to both arm citizens with the information they need to understand and protect their rights, while...

25 January 2017

Yes, you did read the headline right. It is the conclusion of a United Kingdom Government review (Cyber security regulation and incentives review) published right at the end of 2016. Here, the UK Government concludes that the EU General Data Protection Regulation (GDPR), with its reporting requirements and financial penalties, represents a significant call to action, so no further regulation is required at this time. This decision is to be applauded for four reasons. First, many UK-based organisations are also having to prepare for the European Union Network Information Security (NIS) Directive. Both NIS and GDPR are placing significant resource...

23 January 2017

Name: Nanditha Rao Title: Information Systems Security Principal Employer: CSRA, LLC Degree: Master of Science in Computer Science Years in IT: 14 Years in cybersecurity: 11 Cybersecurity certifications: CCSP, CISSP How did you decide upon a career in cybersecurity? I found myself in the field due to the encouragement from my supervisors who believed that I had the analytical skills to move from IT risk management to IT security and cybersecurity. It was a natural transition for me, and I really enjoyed working in the domain. Since my start in the security field, I have actively worked to learn new...

20 January 2017

Cybersecurity professionals are in high demand and it’s projected to stay that way for the foreseeable future. Part of the mission of the Center for Cyber Safety and Education (formerly the (ISC)² Foundation) is to provide scholarships to undergraduate and graduate students who are pursuing careers in the field of information security. In 2016, the Center awarded scholarships to 44 students worldwide. The undergraduate recipients were invited to apply for the Harold F. Tipton Memorial Scholarship, which is awarded to an aspiring information security student, to help provide a pathway to the profession. The prestigious scholarship was named after the...

17 January 2017

Let's pretend you're planning a big trip, and you need a nice place to stay. After considering different options online, you find a place that sounds great. The photos appear perfect. So, here's the question. When you arrive, will the lodging match your expectations...or is it just too good to be true? When you're choosing among CISSP® training providers, we know you're sorting through a variety of companies and, oftentimes, big, beautiful claims. To ensure you aren't surprised when you reach the CISSP certification exam, here are three myths debunked. Myth #1: Pass rates of 90%+ are guaranteed. What...

12 January 2017

Name: Miriam Celi Title: Technical Leader – Secure Coding IT Quality Assurance Employer: Humana, Inc. Years in IT: 20 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, GISP How did you decide upon a career in cybersecurity? I got into a career in cybersecurity by chance. In early 2009, I joined a small startup that specialized in personal identity verification (PIV) solutions for the government. I was very fortunate that since the company was small, I was able to perform various roles, such as integrating products with various physical access control systems and biometric devices, representing the company in security conferences...

11 January 2017

In one month, the world will talk security at RSA Conference in San Francisco, CA. The annual information security event will be held at the Moscone Center February 13-17. (ISC)² team members can be found on the exhibit floor in booth S-342. Stop by to pick up a copy of the March/April issue of InfoSecurity Professional magazine, printed exclusively for RSA Conference. We will also have 2017 member pins, CISSP® t-shirts, lightsabers (yes, that’s right) and more. The times and dates of demonstrations at our booth – including Vulnerability Central sessions – can be viewed online. (ISC)² members who register...

06 January 2017

The 2016 Americas ISLA Ceremony and Gala honored the best and brightest in the field of cybersecurity. Held each year at the (ISC)² Security Congress, the dinner and awards presentation took place at Jimmy Buffett’s Margaritaville where Jim Davis, creator of Garfield, was the keynote speaker. James McQuiggan, CISSP, was the emcee of the evening. A long-time volunteer and advocate for the Center for Cyber Safety and Education™’s Safe and Secure Online® program, he kicked off the evening wearing a Safe and Secure t-shirt – later changing into a festive Hawaiian shirt and grass skirt – before embracing the “Florida...

03 January 2017

Name: Mahbubul Islam Title: Head of Secure Design Employer: U.K. Government Department Degree: B.Sc., M.Sc. Years in IT: 15 Years in cybersecurity: 10 Cybersecurity certifications: CCSP, CISM, SABSA, LCCP, ISO27001 LA How did you decide upon a career in cybersecurity? I started working for the U.K. government in 2001 and whilst working on various standard projects, I was successful in landing an apprentice role as an Information Assurance Manager. The role was very flexible, as it was the first of its kind which allowed myself and my colleagues to determine a structured plan to develop security skills within the fields...

About the (ISC)² Blog

As the certifying body for more than 125,000 cyber, information, software and infrastructure security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other security professionals and the public at large.

The (ISC)² blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)² website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org